Appl. No. 09/608,986 

Amdt. dated October 15, 2004 

Reply to Office Action of April 15, 2004 

REMARKS/ARGUMENTS 

Claims 1-27 are pending in the present application. Claims 1-7 have been withdrawn. 
Claims 8-27 have been rejected. Claim 17 is objected to. In the above amendments, claims 12-14,
17 and 23 have been amended.

A. Objection of Drawings and Rejection of Claim 12 under 35 U.S.C. § 112, First Paragraph

The Examiner objected to the drawings under 37 C.F.R. § 1.83(a) for failing to show
every feature of the invention specified in claim 12 and rejected claim 12 under 35 U.S.C. §
112, first paragraph as failing to comply with the enablement requirement. By this paper, claim
12 has been amended to provide, "checking a signature on the submitted certificate with the
trusted certificate," which has support in item numeral 316 of Figure 3B and page 8, lines 7-10, 
which similarly provides, "verify the certificate by checking the certificate's signature with the 
trusted core's certificate at 316." Because the claimed features have been canceled from the 
claims and the amended claim 12 now is fully supported in the specification, Applicants 
respectfully request that the objection and rejection be withdrawn. 

B. Objection of Claim 17

The Examiner objected to claim 17 because of an informality. Applicants have amended 
claim 17 to correct the informality and respectfully request withdrawal of this objection. 

C. Rejection of Claims 13-15 and 23 under 35 U.S.C. § 112, Second Paragraph

The Examiner rejected claims 13-15 and 23 under 35 U.S.C. § 112, second paragraph as 
failing to distinctly claim the Applicants' invention. Claims 13-14 and 23 have been amended as 
suggested by the Examiner. Claim 15 was rejected for depending from claim 14 that is now 
amended to distinctly claim the Applicants' invention. Applicants respectfully request 
withdrawal of this rejection of claims 13-15 and 23. 

D. Rejection of Claim 14 Under 35 U.S.C. § 102

The Examiner rejected claim 14 under 35 U.S.C. § 102 as being anticipated by Applied 
Cryptography, Second Edition by Schneier (hereinafter "Schneier"). This rejection is respectfully
traversed. 

"A claim is anticipated only if each and every element as set forth in the claim is found, 
either expressly or inherently described, in a single prior art reference." M.P.E.P. § 2131 (July
1998) (citing Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 628, 631, 2 USPQ2d
1051, 1053 (Fed. Cir. 1987)). "The identical invention must be shown in as complete detail as is
contained in the . . . claim." M.P.E.P. § 2131 (July 1998) (citing Richardson v. Suzuki Motor
Co., 868 F.2d 1226, 1236, 9 USPQ2d 1913, 1920 (Fed. Cir. 1989)). In addition, "the reference
must be enabling and describe the applicant's claimed invention sufficiently to have placed it in
possession of a person of ordinary skill in the field of the invention." In re Paulsen, 31 USPQ2d
1671, 1673 (Fed. Cir. 1994). 

Claim 14 has been amended to provide, "determining that the client is a WinINET-based
component." Support for this amendment may be found in Figure 4 and in the specification on
page 9, lines 19-24. Schneier does not include this limitation and therefore does not anticipate
claim 14. Applicants respectfully request that this rejection of claim 14 be withdrawn.

E. Rejection of Claims 8-12, 16-22 and 24-27 Under 35 U.S.C. § 103(a) 

The Examiner rejected claims 8-12, 16-22 and 24-27 under 35 U.S.C. § 103(a) as being 
unpatentable over U.S. Patent No. 5,657,390 to Elgamal et. al. (hereinafter, "Elgamal") in view 
of "Single Sign-On Using Cookies for Web Applications" by Samar (hereinafter, "Samar"). 
This rejection is respectfully traversed. 

M.P.E.P. §2142 states that: 

To establish a prima facie case of obviousness, three basic criteria must be 
met. First, there must be some suggestion or motivation, either in the references 
themselves or in the knowledge generally available to one of ordinary skill in the 
art, to modify the reference or to combine reference teachings. Second, there must 
be a reasonable expectation of success. Finally, the prior art reference (or 
references when combined) must teach or suggest all the claim limitations. The 
teaching or suggestion to make the claimed combination and the reasonable 
expectation of success must both be found in the prior art, and not based on 
applicant's disclosure. 

The initial burden is on the examiner to provide some suggestion of the
desirability of doing what the inventor has done. To support the conclusion that 
the claimed invention is directed to obvious subject matter, either the references 
must expressly or impliedly suggest the claimed invention or the examiner must 
present a convincing line of reasoning as to why the artisan would have found the 
claimed invention to have been obvious in light of the teachings of the references. 

Independent claims 8 and 16 include the limitation, "saving the response as a named 
cookie." Additionally, independent claims 24 and 26 include the analogous limitation of, "save 
the response as a named cookie." Applicants respectfully assert that neither Elgamal nor Samar
teaches or suggests all these claim limitations.

The Examiner correctly noted in the Office Action on page 5 and page 7 of section 13 
that "Elgamal does not disclose saving the response as a named cookie." However, the 
Examiner incorrectly asserted on page 5 of the office action that "Samar teaches that storing 
response data (cookie id and cookie integrity check) (Fig. 1 & §6.1.2) is advantageous for single 
sign-on because no extra software has to be installed and it is independent from the 
authentication mechanism (§4)." Upon closer reading of Samar, especially Figure 1 and §6.1.2, 
Samar does not teach or suggest saving the response as a named cookie. 

Figure 1 of Samar only has an arrow back to the client browser indicating that "Data + 
Cookie" is sent. The explanation of Figure 1 only states: 

1. The user connects to Web Server A over http using any of the web server 
supported authentication services. 

2. Web Server A sends over SSL relevant information to a centralized Cookie 
Server including the name of the user, requested expiry time, and any session 
specific information such as language, etc. ... 

Nowhere in the explanation of Figure 1 (§6.1) or in Figure 1 does Samar suggest that a response
to a challenge is saved as a named cookie. Similarly, §6.1.2 only states that:

we do not want to include anything more than what is absolutely necessary to 
identify the state information with the cookie. The cookie itself is not being 
encrypted because it does not contain any user-specific information that can be 
stolen. Besides its name, the cookie contains: Bakery ID ... Cookie identifier ... 
Cookie integrity check. 

Furthermore, Samar does not discuss a challenge and response as set forth in the application.
Therefore, Samar and Elgamal do not teach or suggest every limitation of claims 8, 16, 24, and 
26. Thus, claims 8, 16, 24, and 26 are patentable over Samar and Elgamal. 

Because claims 9-12 depend from claim 8, claims 17-22 depend from claim 16, and 
claims 25 and 27 depend from claims 24 and 26, respectively, claims 9-12, 17-22, 25, and 27 
also include the limitations of these independent claims. Therefore, claims 9-12, 17-22, 25, and 
27 are also patentable over Samar and Elgamal. Applicants respectfully request withdrawal of 
this rejection of claims 8-12, 16-22 and 24-27. 

F. Rejection of Claim 13 Under 35 U.S.C. § 103(a) 

The Examiner rejected claim 13 under 35 U.S.C. § 103(a) as being unpatentable over 
Elgamal in view of Samar and in further view of Applied Cryptography, Second Edition by
Schneier (hereinafter "Schneier"). This rejection is respectfully traversed. 

The requirements for establishing a prima facie case of obviousness are provided above. 
Applicants respectfully submit that claim 13 is patentably distinct from the cited references. 
Even if Elgamal, Samar, and Schneier were combined as the Examiner proposes, the resulting 
combination does not teach or suggest all the limitations of claim 13. 

Claim 13 includes the limitation "saving the response as a named cookie." As discussed 
above, neither Elgamal nor Samar teaches or suggests this limitation. 

Schneier does not make up for the deficiencies of Elgamal and Samar. Applicants submit 
that nothing in Schneier teaches or suggests "saving the response as a named cookie." 
Moreover, in the Office Action, the Examiner did not assert that Schneier teaches or suggests 
this limitation. 

In view of the foregoing, Applicants submit that the combination of Elgamal, Samar, and 
Schneier does not teach or suggest all of the limitations in claim 13. Therefore, Applicants 
respectfully request that the rejection of claim 13 be withdrawn. 

G. Rejection of Claim 15 Under 35 U.S.C. § 103(a)

The Examiner rejected claim 15 under 35 U.S.C. § 103(a) as being unpatentable over 
Schneier and in view of U.S. Patent 6,199,113 to Alegre et. al. (hereinafter "Alegre") and "HTTP
State Management Mechanism" by Kristol et. al. (hereinafter "Kristol"). This rejection is
respectfully traversed. 

The requirements for establishing a prima facie case of obviousness are provided above. 
Applicants respectfully submit that claim 15 is patentably distinct from the cited references. 
Even if Schneier, Alegre, and Kristol were combined as the Examiner proposes, the resulting 
combination does not teach or suggest all the limitations of claim 15. 

Claim 15 includes the limitation "determining the client is a WinINET-based
component." As discussed above in the rejection of claim 14, Schneier does not teach or suggest
this limitation. Alegre and Kristol do not similarly teach or suggest this limitation. Applicants
submit that nothing in Alegre or Kristol teaches or suggests "determining the client is a
WinINET-based component."

Additionally, Applicants respectfully assert that there is no motivation to combine
Schneier and Alegre with Kristol to send "the encrypted key ... using a hypertext transfer 
protocol (HTTP) header." Application claim 15. Conversely, the Examiner asserts on page 11, 
in section 15 of the Office Action that "One of ordinary skill in the art would have been 
motivated to perform such a modification to set the cookie according to the HTTP/1.0 and HTTP 
State Management Mechanisms standards, as taught by Kristol." 

M.P.E.P §2145(X)(D)(2) specifically provides "It is improper to combine references 
where the references teach away from their combination. In re Grasselli, 713 F.2d 731, 743, 218 
USPQ 769, 779 (Fed. Cir. 1983)." Applicants respectfully assert that Kristol teaches away from 
the examiner's suggested combination. More specifically, Kristol specifically teaches and warns 
in §8.1: 

The information in the Set-Cookie and Cookie headers is unprotected. Two 
consequences are: 

1. Any sensitive information that is conveyed in them is exposed to intruders. 

2. A malicious intermediary could alter the headers as they travel in either 
direction, with unpredictable results. 

These facts imply that information of a personal and/or financial nature should 
only be sent over a secure channel. For less sensitive information, or when the 
content of the header is a database key, an origin server should be vigilant to 
prevent a bad Cookie value from causing failures. 

Therefore, Kristol cannot be combined with Schneier and Alegre to render claim 15
unpatentable. 

In view of the foregoing, Applicants submit that there is no motivation to combine 
Schneier, Alegre, and Kristol. Furthermore, the Examiner's combination of Schneier, Alegre, 
and Kristol does not teach or suggest all of the limitations in claim 15. Therefore, Applicants 
respectfully request that the rejection of claim 15 be withdrawn. 

H. Rejection of Claim 23 Under 35 U.S.C. § 103(a)

The Examiner rejected claim 13 under 35 U.S.C. § 103(a) as being unpatentable over 
Elgamal in view of Samar and in further view of Handbook of Applied Cryptography by 
Menezes et. al. (hereinafter "Menezes"). This rejection is respectfully traversed. 

The requirements for establishing a prima facie case of obviousness are provided above. 
Applicants respectfully submit that claim 23 is patentably distinct from the cited references. 
Even if Elgamal, Samar, and Menezes were combined as the Examiner proposes, the resulting 
combination does not teach or suggest all the limitations of claim 23. 

Claim 23 includes the limitation "saving the response as a named cookie with an 
authentication token." As discussed above, neither Elgamal nor Samar teaches or suggests this 
limitation. Moreover, in the Office Action, the Examiner did not assert that Menezes teaches or 
suggests this limitation. 

In view of the foregoing, Applicants submit that the combination of Elgamal, Samar, and 
Menezes does not teach or suggest all of the limitations in claim 23. Therefore, Applicants 
respectfully request that the rejection of claim 23 be withdrawn. 

Applicants respectfully assert that claims 8-27 are patentably distinct from the cited 
references, and request that a timely Notice of Allowance be issued in this case. If there are any 
remaining issues preventing allowance of the pending claims that may be clarified by telephone, 
the Examiner is requested to call the undersigned. 



Date: October 15, 2004 

MADSON & METCALF 
Gateway Tower West 
15 West South Temple, Suite 900 
Salt Lake City, Utah 84101 
Telephone: 801/537-1700 



Respectfully submitted, 




Wesley I/Au^un / 
Reg. No. 42,273 
Attorney for Applicant(s) 